3. Information Warfare

There is a very extensive and broad discussion associated with the
concept of Information Warfare and is difficult to distinguish true
facts from pure speculation. However there is enough evidence to point
to the reality of a new capability. Trying to define Information
Warfare in a definitive way would lead to premature military policies as
to what is and what is not Information Warfare. However, it is equally
important to put forth some definitions that will help in bounding the
problem and help in reviewing our traditional military warfare
activities.

The various terms that are used in this area, Info-Doctrine,
Cyberwar, Netwar and others terms indicate that it is still early in the
debate. As yet nobody has put forth a set of definitive and complete
tenets of Information Warfare. There are organizational effort to
structure what are seen as Information Warfare activities. This permits
a certain amount of classification work as to the threats, capabilities
and objectives of Information Warfare. It is also evident, as presented
earlier, that the emerging synergistic effects of Information Warfare
require a more sophisticated conceptual framework so as to help
integrate various the various traditional but separate capabilities such
as EW, Intelligence collection, Target and Damage Assessment, IT
security etc. The roles and mission of those capabilities are well
known and need not be highlighted here. The intent here is to refine
the understanding of Information Warfare by putting forth a conceptual
framework and permits the development an action plan. Specifically
towards the development of a military Information Warfare capability
adapted to the requirements of an information based society.

3.1 Information Superiority

The guiding Vision for Information Warfare can be simply stated:
Information Superiority through the availability and use of the right
information, at the right place, at the right time, to all decision
makers, while denying that information to the enemy. Information
superiority is achieved through the development of Core Capabilities
such as Knowledge Management, Joint Surveillance, Information Warfare
and Information Technology. Information Warfare and Knowledge
Management are new areas.

3.2 Definition of Information Warfare

There are several definitions of Information Warfare that are being
put forward, mostly by US Military Organizations and Services. Whereas
the Navy and Air force have Information Warfare capabilities, the Army
is proposing Information Operations as being the mainstay of their
conceptual approach. To be noted is that Russian Military Doctrine has
always included the notion of Information Weapons; a fusion of advanced
command and control, communications , intelligence systems,
psychological and electronic warfare.

Information Warfare need to be seen as a cybernetic cycle.
Observation, Analysis, Options Selection Decision Making, and Execution.
This process is articulated in an Information Warfare Cycle as
illustrated in figure 5.

Figure 5
The Information Warfare Cycle

Information Warfare concerns itself with the control and
manipulation of information and information flows. Specifically with
the acquisition, process, storage, distribution and analysis of data and
information. At a conceptual level, IW consists of all efforts to
control, exploit, or deny an adversary's capability to collect, process,
store, display, and distribute information, while at the same time
preventing the enemy from doing the same. The intent is to control,
manipulate, deny information, influence decisions, and degrade or
ultimately destroy adversary systems while guarding friendly systems
against such action.

This definition is quite broad but in many respects sufficient to
show what Information Warfare as a concept authorize and legitimize new
capabilities, as well as integrate the well established and understood
arsenal of environmental capabilities (Joint, Army, Navy, Air Force) as
well as concerned Governmental agencies.

3.3 Advantages of Information Warfare

As indicated earlier, it is in the new realm of networked systems
that this definition finds its new applicability. To achieve
information superiority in a networked information system prior to or in
support of the traditional war fighting activities, offers the
government and the military a whole new range of options never seen
before:

Information Warfare can prevent battle and reduce engagement. This
will lead to more integrated and sophisticated conflict resolution
activities prior to a military engagement.

It will permit the maximum exploitation of all available and
relevant information.

It will help in exercising our understanding of the conflict in all
its political, social, economic and cultural dimensions as well as
facilitate action.

It will ensure a superior use of our networks and Information
Technology investments.

It will create synergy by remove the logical and organizational
barriers between the different units and capabilities. It will help
focus Coordination and Cooperation at all stages of the conflict.

It will facilitate change; and

It will better explain past success and failures.

To support these objectives, new capabilities and skills are
required. These expectations originate from the integration of the
previously segregated activities such as Intelligence, Security, Joint
and Combined Operations, Electronic Warfare, Psychological (Heart and
Minds) type of Operations, supported by global and inter-operable
Command and Control Information Systems.

3.4 Command and Control Warfare

We see that Information Warfare activities is not strictly done only
by the military, it is an activity that need to be shouldered by a
number of governmental agencies. No single service, agency or
department is capable of doing all Information Warfare activities. It
can only be achieved if the government brings all of its information
production and exploitation assets to bear on a situation.

If Information Warfare is not just a military responsibility then
there needs to a specific focal point for military Information Warfare
activities. This area is called Command and Control Warfare. Without a
doubt, however, the military bears the brunt for ensuring that IW
activities are done such as peacekeeping and humanitarian aid. These
are cases of concerted and coordinated efforts between Government
agencies, NGO, and the military. But as always, in final analysis, it
is the military that deploys or will be called to develop Information
Warfare assets.

This proposes that in purely military terms, Command and Control
Warfare capabilities will establish a large proportion of a government
Information Warfare capability. Within military operations Joint
Command and Control Warfare is the only appropriate avenue for
Information Warfare activities directed against other Command and
Control systems and requires that Joint Command and Control Information
Systems become the military supporting infrastructure for conducting
Information Warfare operations. Unfortunately this also begs the
question if it appropriate for the military to support Information
Warfare operations against other elements of a society’s information
infrastructure in periods that are not characterized by open warfare.

Command and Control Warfare focuses on trying to maintain control
over enemy military Command and Control Information Systems assets. The
problem is that Command and Control Warfare in itself lacks completeness
since it does not integrate the broader strategic cultural, social,
economic and political constraints into relevant action in support to
the crisis management activities that normally occur during the earlier
phases of conflict as illustrated in figure 6.

Figure 6
Spectrum of Military Activities

The US concept of Operation Other Than War (OOTW) is also address
the fact that Information Warfare activities need to happen earlier in
the spectrum of conflict activities than the ones purely associated with
Command and Control Warfare activities. This therefore requires that
the military and other agencies coordinate and cooperate in ways that
have not been examined in the past. In Canada this is less of a problem
because of our limited resources have always accentuated cooperation and
coordination between Other Government Departments (OGD).

The recent development of a Canadian Maritime Network (CanMarNet) is
an example of a interdepartmental information network that supports the
exchange of maritime information between DND, the Department of
Fisheries, the Coast Guard, and the RCMP. This system proved its value
in the recent fishery conflict with Spain. And one can argue quite
successfully that this conflict was a good example of Information
Warfare. In this situation the military provided the surveillance,
monitoring and communication infrastructure and the fisheries department
acted in a lead capacity. These type of interdepartmental network will
evolve and grow rapidly over the next few years. A governmental network
will be able to mobilize and coordinate action throughout departments.
Eventually, these networks will becomes elements of a larger government
information infrastructure.

3.5 New Military Information System Vulnerabilities

At present Information Warfare in Canada is discussed more active in
the private and civilian sector more than in the military. This because
of US computer security organizations such as the National Computer
Security Association (NCSA) that predict that an Information War will be
waged against the most vulnerable elements and infrastructure components
of a nation. And these are mostly civilian information infrastructure
components. This is an easy target because an information intensive
nation is very vulnerable to Information Warfare. Deliberate and
planned computer sabotage, the seeding of viruses, global
disinformation, and subversive control of a network could cripple the
economy, wipe out banks savings, shut down phone systems, subvert trust
and belief in democratic institutions and disrupt essential services and
organizations. Through data manipulation, theft, system sabotage and
other means, entire economies and institutions may be rendered
unworkable. These kinds of scenarios raise serious questions about who
should have the capability to defend national interests. But it also
blurs the distinction between military and civilian Information Warfare
activities, mandates and responsibilities.

With the present military trend to acquire more and more commercial
software and hardware products, and the growing need for system
interoperability, for better or worse, the civilian information
infrastructure, the governmental information infrastructure, and the
military information infrastructure are going to amalgamate. This
situation causes military infrastructure to be increasingly exposed.
Furthermore these infrastructures are structurally weak and assailable
because they are built using products that meet commercials needs first
and not for military mission critical operations requirements.

Interoperability tends to stress standardization but too much
computer system standardization is a liability and a destabilizing
factor. Whole systems can become outdated or out performed by the
creation of a new component. They can become incapacitated quickly,
incapable of recovering from a single system wide attack on a single but
common element to all components of the network such as a unique
operating system or a unique communication protocol. A certain amount
of controlled evolution through diversity confers to the network a
certain amount of robustness and vitality.

3.6 Displacement of Warfighting Activities

Displacement in wealth producing activities have always from the
less efficient sectors of activity towards efficient ones. As seen in
the development of western society the creation of wealth has passed
from agricultural sector, to industrialization sector, and is now
centrally located in the information based activities. Each new
structure of wealth creation subsumes previous or older ones. They do
not totally replace them but incorporate them and make them more
efficient. There is still an agricultural sector but it has gone
through mechanization then industrialization and now digitization. More
is produced with less people, resources and investment because the
processes are so much more efficient. As societies fight the same way
they create wealth then there will be also a displacement of focus of
military capabilities. New way of warfigthing will never totally
replace older capabilities but they will integrate them into more
efficient processes as well as displace the focus of military activities
towards newer and more effective configuration of technology and
organizational structure.

Fighting conventional weapon systems requires well established
military capabilities that rely on traditional hierarchical structure
but faced with new vulnerabilities, a newer form of command structures
with a more effective information infrastructure is required. It is
within this newer command structure that the older military capabilities
will be subsumed by the more effective command decision making
processes. In this information age, we must know how to fight
information wars as well as maintain our ability to fight the
conventional wars.

3.7 Information Warfare Conceptual Framework

A conceptual framework must serve several purposes. It must be able
to structure a series of new conceptual component by showing the causal
relationships that exist between them. It must also be able to
integrate older concepts into this explanatory scheme. This amalgam of
old and new will help show what new capabilities and opportunities.

To fully analyze what Information Warfare bring to strategic
analysis several new matrixes will be developed. The first one will be
a Target Matrix. This will help in the classification problem of what
is are different classes of target that Information Warfare focuses on.
This second element of our conceptual framework is the Weapon Matrix.
It will show the new arsenal that needed to wage a Information Warfare.
Naturally most the discussion is about the potential of such “weapons”
but as the capabilities exist today there is need to explore how they
would be used during a conflict.

In order to build the most complete and congruent IW analytical
framework possible, one that can apply in all situations using the
Weapon and Target Matrix, a third one will be generated an Information
Warfare Strategy and Planning Matrix based on possible targets and types
of weapon needs to be developed. The strategic objective will determine
both the type of target and the type of weapon. This matrix should be
used as part of the strategic planning process. Along one axis Target
Analysis will reveal the potential classes of targets. Along the second
axis we can list the types of weapons that could be perpetrated against
these targets. The resulting table offers insight as to the outcome of
using a specific type of weapon on a specific target.

3.7.1 Information Warfare Target Analysis

The following Target Matrix is developed focused specifically on the
decision making and its underlying support. If adversary decision
making processes are paralyzed or subverted then the enemy system is
under our control. This somewhat radical keeping in mind that several
centuries of history have distilled principles of war but this approach
is suitable to examine potential Information Warfare targets. There are
presently other approaches that have their grounding in the capabilities
themselves ( Deception, EW, OPSEC, Psy Ops, Physical Destruction) but
these are somewhat “bottom up” approaches. This framework is more
abstract but somewhat more powerful than other proposals.

3.7.2 Types of Target

The aim is to attack or disable the principal or major decision
makers via their information infrastructure. As seen in the earlier
discussion on control , attacking the decision making mechanisms will
directly affect the control of the system. The main targets
classification method is around the binary relationship between goals
and decision makers. Whatever the size of the adversary there is a
fundamental relationship between the numbers of decision makers and the
goals they seek to accomplish. There are three main categories: Single
decision makers with single a single goal, multiple decision makers that
share the same goal, and finally multiple decision makers with multiple
goals (or not sharing the same one).

Any information systems can now be investigate in terms of a
socio-technical structure. At present, the best way to go about it is
to determine the decision nodes of the system. The could be computer
processes or users. By attacking these points the entire decision cycle
as well the decision types ( good or bad) and quality (timely, relevant,
accurate) can be affected. It is necessary to discuss only categories
of targets since this discussion is focused on the analytical framework.

3.7.2.1 Single Decision Maker /Single Goal

This is the monolithic organization. Mostly individuals or a very
autocratic organization but could extend this class of targets to single
central computational process (mainframe). Basically what we have here
is a unique decision making process with a unique goal. It is a very
focused target with a well bounded domain. All control functions are
subject to this unique decision maker.

For example if we focus on attacking individuals we could either use
their dependence on their system against them or focus the attack on
their data shadow. Extensive reporting of privacy issues and problems
have helped understand the problem. One could see how the information
used in point of sale for purpose of restocking can be used to determine
individual consumption habits that might interest insurance agencies for
the determination of incidence of heart attacks and rate setting. Also
in a rigid command and control organization focusing on the leaders
severs the decision making capability from the rest of the organization
making it somewhat headless. In the case of an unique computational
process the whole system is brought down or subverted. This type of
target is seen as relatively easy to attack and quite vulnerable.
Modeling this class of targets is seen as quite feasible and of low
difficulty.

3.7.2.2 Single Goal / Multiple Decision Makers

The next type of target is an control structure in which there are
there are several points of control. They could be either automated or
human and are distributed and could be dispersed over a geography but
having the characteristic that all the decision making agents are
focused on achieving a unique goal. This organizational structure is
more complex but its dynamics are know and understood. Some archetype
systems could be Command and Control Information Systems limited
commercial and private business networks, .

This is the area of inter-organizational networks and governmental
information infrastructure such as Saber and Wall Mart, America On Line,
DREnet, etc. These systems are the pillars of a nation, its economy,
and government services.

These structures have a major portion of their functionality that
rely on sophisticated automated processes. Furthermore they are
increasingly replacing human decision makers. Electronic Data
Interchange (EDI), Financial Institution Message Authentication (FIMAS)
and Just In Time logistic support are networks in which decision makers
are primarily econometric models (as discussed in the Knowledge
Management section). The shift from human to automated computer based
decision makers is the trend in knowledge intensive organizations such
as the military and specifically in command and control systems.
Modeling these types of system are difficult and are principally based
on stochastic/probabilistic, causal models, and time series
extrapolation methods.

3.7.2.3 Multiple Goals / Multiple Decision Makers

In this class of targets we can group transnational and
international organizations such as NATO, the United Nations, the
European Union (EU), North American Free Trade Agreement (NAFTA) etc.
Although these are emerging global structures, at the rate of network
growth, these organizations will come to rely extensively on global
information networks by the turn of the century. At this level it is
possible that Information Warfare will take on the flavor of economic
war. Continentalization of Europe, North America and the Pacific Rim
nations postulates that tensions between and within this triumvirate
will be forthcoming. It would be based on market capture and dwindling
natural resources. In these ecological-like structures multiple
decision makers are motivated according to specific but different
agendas. Some of these objectives when taken as a whole might present
several main poles of attractions. Polarization between these poles if
they differ then conflict overtakes cooperation.

3.7.3 Types of Weapons

There has been a lot written recently on what would an Information
Warfare look like. Scenarios focusing on Hacker Wars, Electronic
Warfare, Information Blockades etc. have been developed. But here
again these types of approaches are bottom up analysis that take their
origin in specific capabilities. There has not been a systematic
approach to an Information Warfare weapon taxonomy. At present time
there are three main classes of weapons which could be used to wage
Information Warfare. The classification is based on the effects of the
weapons and not on the weapons themselves. The effects of these
Information Warfare Weapons can be Physical, Syntactical, or Semantic.
The use of a physical weapon will result in the permanent destruction of
physical components and denial of service. A Syntactical weapon will
focus on attacking the operating logic of the system and introduce
delays or unpredictable behaviors. A Semantical weapon will focus its
effects on destroying the trust and truth maintenance components of the
system.

As a general observation, the number of network attacks has
increased tremendously over the last few years. This because it is not
solely a technical problem. Tools of the hacking and cracking trade
such as Satan, stealth and polymorphic virus builders are spurred on by
the rapid spread of all kinds of public and private networks. Network
analyzers and virus builder kits are readily available and at no costs.
Knowledge and information about these tools and capabilities flows quite
freely. So by leveraging both the power of these software tools and the
weakness of a network, either surgical precision or massive disruption
can be achieved on the overall decision making process of an
organization.

Information Warfare weapon technology is not at present time a
limiting factor but rather the present state of doctrinal, legal
organizational knowledge about these issues. Couching the weapon
capability in terms of Defensive versus Offensive Information Warfare is
a discussion as to the legitimacy of Information Warfare activity. The
US has approached this dilemma by separating Information Warfare into
two distinct parts; Offensive Information Warfare (OIW) and Defensive
Information Warfare (DIW).

The US military is focusing on developing a defensive capability
only. This is seen as acceptable and a legitimate Information Warfare
activity. But just doing DIW does not negate the necessity to probe and
act in an aggressive way. These active capabilities are required in
order to know to what extent are the vulnerabilities within their own
systems. And to take these actions requires an active capability. An
OIW capabilities. So talks about Defensive Information warfare without
combining it with Offensive Information Warfare is missing out on the
synergy that is required to become truly innovative in Information
Warfare.

A Vulnerability Analysis capability is one of the means that ensure
that an Information System has been efficiently and securely configured.
Several essential activities must take place to perform Vulnerability
Analysis such as probing to size the network and locate all its
elements, determine access points, install agents and covert processes,
explore, monitor and exploit. These are all “active” measures. For
simulation and wargaming, Defensive Information Warfare needs an
Offensive Information Warfare capability (Red cell) to achieve a
relatively safe risk management stance. Turning the capabilities inward
or outward, and calling them different things is a false separation as
they are two sides of the same coin. But because of the sensitivities
involved a Defensive Information Warfare stance is politically and
legally a more acceptable position than Offensive Information Warfare.
In order to develop a complete conceptual framework we must look at
Information Warfare as a continuum going from a Defensive stance to an
Offensive stance. As the DIW is a question of technical security and
more a reaction to OIW, I will primarily focus on Offensive Information
Warfare.

3.7.3.1 Physical Effects

This type of effect is achieved through weapon found in the realm of
the traditional "hard steel on target". The physical destruction of any
information structure offers complete denial of services. There are a
number of capabilities that are available to do this and they comprises
all the traditional weapon systems such as missiles, bombs, sabotage
etc. Targeting for destruction a network is easy. A node and net
evaluation must be done so as to cripple effectively the network. And
this type of analysis applies to other supporting networks such as
electrical and telephone grids etc.

Also there is more and more research being done on Directed Energy
Weapons. They are categorized under the heading of Radio Frequency
weapons. They are devices which destroy by radiating electromagnetic
energy in the (RF) spectrum with wavelength's greater than 1 mm
(frequency less than 3000 GHz). Suffice it to say that a pulse could
have handicapped the operations at the World Trade Center more than the
bomb did. These weapons are seen as a very important development
because they enable non-lethal use of force. Technology demonstrators
should be available within the next several years.

There is also the question that a system can be destroyed from the
inside using malicious code, a virus. Virus can change setting that can
permanently damage certain hardware components. But generally virus
will destroy or corrupts data files and executable programs. As the
denial of service would only be temporary. Recovery would be dependent
on the availability of having planned disaster procedures such as having
available CERT teams, mirrored and redundant systems using different
hardware and software systems, or off site/off line data storage. So
virus fall mainly within the next class of Information Warfare class of
effects

3.7.3.2 Syntactic Effects

There new Information Warfare weapons have specifically emerge for
the domain of information systems and networks. New viruses are being
created an incredible rate as well as their counter- measures - anti
viral software. Available now on the market are meta programming
environments that "incubate" viruses in accordance with the desires of
the attacker. The variety and combinations are daunting; Cruise viruses
are capable of destroying specific data sets. Stealth virus conceal
themselves from detectors and monitors. Polymorphic virus encrypt
themselves using variable keys. There are also new Protected Mode
viruses as well as the standard common file infector and boot sector
viruses. This class of weapons aims to control or disable the operating
logic of the targeted networks and systems. Using the operating systems
software as well as the different utilities, the virus can make the
system to act upon data in a different way or even simply waste cycles.

Virus need to be introduced into an information system either
through infected discs or through a network connection. It is also to
be noted that in most instance there is a separation between the data
and the process that manipulates the data. But with the new Object
Oriented Development (OOD) approach, data and process are packaged
together. OOD supports modularity in system building and reuse of
components. In many respects OOD is an ideal opportunity for planting
and disseminating Trojan horses. All these issues are hotly debated and
discussed. Technically the capability exist and he question for the
military is what to do with such as capacity. Incidences of viral
infection have risen but their spreading are less extensive due to the
increased use of anti-viral software. Incidents of system break-in have
also risen in the last year. Cracker toolkits are so sophisticated that
any weakness in a network will be found out quickly. New types of
sophisticated network analyzers have several layers of heuristics built
in. Cracking systems now has more to do with the sophistication of some
of the Knowbots, tools and poor system security configuration (due to
general lack of knowledge on the part of system administrators) than
with the ingenuity of the perpetrators. Anomalies in systems behavior
are normally not recorded if they occur in a purely random pattern.
Virus that were meant to stay under “deep cover” could go undetected.
For example some monitoring software application can check the clock,
disable the modem speaker, place a call, transmit data and disconnect
when done. There is a lot of fear that Internet software takes
information off the user’s disk and passes it over the network. Users
are somewhat used to a bit of erratic behavior on the part of their
system and would this would permit viruses to remain hidden for a long
time if they act in an non disturbing way.

There is a discussion on what I call the Jeckel and Hyde virus that
has its origin during the period in which memory was sparse and program
had very little space in which to be stored. A program could be written
so that it would run in a standard way but by bit shifting the code it
could be run as a totally different program. The problem here is that
this type of virus construction would be almost impossible to recognize
as it is valid software in its first mode. Furthermore, virus that can
make use of “cover channels and cover timing ”3 capabilities to
communicate would render even some aspect of security protection
measures completely ineffective.

System vulnerabilities increasingly are being actively sought after
and taken advantage of when found. Here lies one of the core doctrinal
axiom of Information Warfare. Control the enemy's network and you
control his decision making processes and his awareness and
understanding of events. here is no requirement to destroy his systems
or his data if this system is being controlled you. The use of Virus as
Information Warfare weapon specifically targets the structural component
of the information infrastructure i.e. the operating logic of the
system.

3.7.3.3 Semantic Effects

The objective of this class of weapon is to affect and exploit the
trust users have in the information system and the network, as well as
affect their interpretation of the information it contains. Semantic
Effects focus on manipulating modifying and destroying, the mental
models, the awareness and representations that are developed, and
constructed through the use of an information system. Whether it be a
civilian organizational information system or a military command and
control system. This is quite a challenge but this is the new
dimensions of what use to be Psychological Operation, and Deception.
These class of Information Warfare “weapons” alter the decision makers
representation of what the information system portrays as the "real"
world.

These weapons seek to affect not the information system itself but
the behavior of the users and influence their decisions. The best way
to think about these weapons are as “Memes” or virus of the minds that
can be created via the information systems. Spoofing other peoples
identity, selective spamming, broadcasting specific arguments and
discourses, misinformation, slogans, and information overload can
influence decision makers to a point where they misinterpret what is
happening. Humans have been employing this strategy for centuries in
all but the case of networked systems this has taken a new dimension .
Trying to recreate a close representation of what exactly is happening
in the real world is the most difficult part of conflict management and
warfare. However, this type of consideration will become more and more
central to the Information Warfare debate as Social User Interfaces
(SUI) start populating the systems. Interaction with Knowbots and
Agents and other interface metaphors that might be subverted to show
only specific types of data and information.

In the not so far future, multimedia information system environments
will be the main information management tool. With this (still to be
fully appreciated) context now needs to take into account the Freytag
triangle4 of information attributes that show difficulty and requirement
for more information rise and fall trough the specific phases of a
crisis (exposition, inciting incident, rising action, climax, falling
action and dénouement). As a consequence will require the user to rely
even more on automated processes to search, retrieve, collate, and
present information during the crucial information intensive phase of
the crisis. The danger (or opportunity) is that the “dramatic
orchestration” of what we believe as objective information is always
grounded in a specific point of view and therefore open to manipulation.

Information always reflects something about its source and its
purpose. Already in the inter-networked web where we can have both
real-time and encyclopedic intelligence information fused from organic
and non-organic sources computer mediated activities will enable the
users to increase their active participation from the strict pragmatic
response that come from the reading of a descriptive text narrative to a
full emotional participation to a dramatic enactment of an event. This
will change substantially the nature of operational activity as the
immediacy and emotional closeness of the event circumvents much of the
truth verification, the “sanity checks” processes that are usually
constrained by longer decision cycles. The consequences of this
“immediacy” of multimedia computer mediated interactions is a subject of
research that is still in its infancy. The combination of highly
emotionally charged pictures, sound, coupled to the personal engagement
of the decision makers will open the avenue to vulnerabilities that come
from intentional orchestration of preplanned discourse and events.
Using morphed and altered images inserted during a live broadcast
adversaries can use the response of such an orchestration to control
rapidly and dramatically national decision making processes.

3.8 Information Warfare Strategic Analysis Matrix (IWSM)

By placing the intended targets and the levels of effects in a table
we create the final analysis matrix. The Information Warfare Strategic
Analysis Matrix helps investigate meta- strategic issues that are
derived from the planning and decision making process. The analysis
centers around target selection, weapon selection and the analysis of
the outcomes of such choices.

Information Warfare gives us a series of possible courses of
actions, some of which are already well known and many new areas for
which there are no capabilities yet. This final analysis matrix
incorporates both past military capabilities and highlights areas in
which Information Warfare activities demands the development of new
offensive and defensive capabilities. It also drive us to seek a better
understanding of what is truly Information Warfare.

In reviewing the IWSM we can deduce that the usage of well know
capabilities such as hard steel has predictable outcomes. For example,
if we wanted to physically destroy an individual's system, one could
plant a virus that would destroy the data or some of the components
making the system and the data unusable, blow up the system with a bomb,
or even steal the system. Either way the results are the same. The
effect is limited and controllable: denial of service. But this does
not necessarily remove or eliminate the conflict. The intentionally is
still there. Chances are that the conflict will find another outlet or
tool set and continue anew. But this type of action has the advantage
of imposing control and order so that other mechanism of conflict
resolution such as political or governmental can be put in place to
resolve or diffuse the conflict.

However the matrix point out that there are regions of unpredictable
effects with unknown consequence in the management of the conflict.
Further analysis is required in these areas, in order to develop an
understanding, a capability and a defense. It is certain that
Information Warfare activities will move toward these areas because they
represent opportunities for high payoffs. They represent areas in which
Information Superiority can be achieved without having recourse to the
traditional military warfigting infrastructure. For very little costs a
small organization can wage a pure information war without having to
build an Army, Navy or Air Force. And it is specifically in these areas
that our military must seek new understanding, capabilities and skills
in order to recognize the treat and to defend ourselves against it.

3.8.1 Predictable Outcomes

In looking at the matrix we see that we already have capabilities to
operate in some areas. Mostly these are areas in which any actions will
produce predictable outcomes. These controllable outcomes can be
generated by a host of actions. This includes the some elements of C2W
such as EW and Physical Destruction. These effects are obtained through
the usage of physical and syntactic class of weapon on single
goal/single decision maker and single goal/multiple decision maker types
of organizations.

For the military this encompass the traditional warfare area. It is
possible to destroy physically all the information nodes of an dispersed
organization but it is quite difficult. Suffice it to point out that
such an objective could be achieved by a coordinated series of actions
that destroy some of the more important elements of an information
system this would achieve the same intended result. However, the
propagation of a network virus may be much simpler and will have a much
more damaging effect. In some circumstance simply delaying some
computational processes may me sufficient to achieve the same goal. In
a Just- In-Time army logistic system any delay caused by a purposefully
planted syntactical level weapon will damage the effectiveness of any
operation without the victim organization realizing it has being
successfully defeated even before a physical engagement.

3.8.2 Unpredictable Outcomes

However, at present the use of Information Warfare weapons in other
areas of the matrix will result in some unpredictable effects. In some
cases in order to achieve information superiority, the creation of
"ruptures" in the adversary's command and control systems as well as in
the social, economic, and civil information infrastructure of the a
country might be necessary. In well bounded and closed systems such as
command and control information systems the effects of a syntactical
weapon will have absolutely no collateral damage. But attacking some
other systems will have as consequence a series of effects that will
propagate through several other networks and have negative consequences
on the final objective. Akin to shooting oneself in the foot.

Attacking an economic system will affect all economic system because
they are all linked to one another in a global market place
infrastructure. The reason for this comes from our understanding of
nonlinear systems. Chaotic behavior in a system can explain some of
these effects. Under certain initial conditions, some of the parameters
can be made to create oscillation in the network, creating positive
feedback in the control mechanisms. This results in catastrophic system
behavior. This chaotic behavior is dependent on the linkages or
"coupling" between the elements in the networks as well as in the
linking relationship between the networks themselves. The system that
will be targeted need to be investigated and the linkages need to be
highlighted as to their sensitivity to propagate negative effects of
Semantic Weapons. Systems and networks can either be loosely or tightly
coupled.

3.8.2.1 Loosely Coupled Systems

Loosely coupled systems have a fair amount of buffering between the
various common variables that are part of the different processes and
elements. This buffering between systems permit more stable behavior
overall . This stability is due to several underlying factors. Most of
which are part of the information systems architecture involved. This
applies to all three level of structures at the physical, syntactic and
semantic level of the type of target structure. For example at the
physical level of the Internet the architecture model allows for a fair
number of failures and corruption and still remain survivable overall.
But at the semantic level of the more active and radical Usernet groups
the coupling is quite tight.

Information Systems that support distributed decision makers, must
ensure a reasonable number of checks and balances and help maintain
system stability. Disruption and full control of those systems is
feasible but difficult because of the loosely coupled decision making
processes. However as we automate and move up towards knowledge enabled
organization then more and more computational processes will take over
some of burden for routine decision making. This changes the
interactions between organization from being loosely coupled to closely
coupled.

3.8.2.2 Closely Coupled Systems

In closely coupled systems, then the prevailing conditions in one
system can be amplified through the network to other systems. This can
create the chaotic "butterfly effect" small local changes cause large
effect because of positive nature of feedback and amplification in the
network. Information systems, inter- networked organization, and even
global networks, in times of crisis behave as tightly coupled systems.
Positive feedback mechanisms will create severe ruptures in the normal
order of system behavior, as seen in some of the stock market or
engineering disasters 5.

Command and control information systems and their supporting
networks are also closely coupled networks. Sensor to shooter coupling
with distributed and network decision making will be subject to chaotic
behavior especially if Rules of Engagement permit third party or remote
firing. Recent failures of command and control systems in blue on blue
engagements show how tightly coupled systems can fail. Taking
advantages (control) of these closely coupling systems will be one of
the challenge that Information Warfare presents to a modern military
organization.

Waging Information Warfare using syntactic or semantic weapons will
be particularly effective strategy if the target is a closely coupled
network. Unfortunately the disruption will be such that the side
effects could have a tremendous backlash within our own infrastructure.
Inevitably, the effects will be transmitted to all participants in the
network with unpredictable side effects and unforeseen disruptions. At
present IW weapons do not have the capacity to limit such types of side
effects, but it is this fact will not be lost on organizations that
advocate terrorism as modus operande. These are well suited terrorist
weapons. The development of Information Warfare defensive measures are
essential as they will be necessary as part of a civil defense plan.

3.9 IW Control Models and Decision Systems

In developing this conceptual framework, several other concepts need
to be touched upon. As Information Warfare is a new hypothesis of how
traditional military activities position themselves in relation to one
another. Our understanding of other concepts need to be reviewed and
analyzed anew in context of this new representation of warfare. They
are all elements of military capabilities such as the shifting role and
loss of relative importance of the platforms in relation to the command
and control network, the problem of control and decision making in a
distributed organization, and the importance of developing a common
shared representation of the conflict and the battlespace. These are
all at present research domains but will become quickly central issues
in the development of Information Warfare capabilities.

3.9.1 Sensors/Weapons and Platforms

There will be a fundamental shift in the relative importance of the
role traditional platforms will have in the future. At present military
organizations have a small number of large platforms all having a
suitable mix of organic communication suites, dedicated and specific
sensors slaved to a small number of unique weapons systems. Each have a
command and control system but they are not well integrated as a whole
except through limited bandwidth communication systems. In the future
the emphasis will be to have a large numbers of much smaller platforms
semi specialized around either sensors or weapons with a smaller command
and control systems but all platform are very well integrated together
through a unique and global command network.

The most important capability of this command network will be the
ability to fuse organic and non-organic sensor information. No single
platform will become the high value unit of the battleground. The
allocation of targets to sensors to weapons will be done based on a
dynamic assessment of critical priorities. Threat assessment and weapon
assignment will no longer be at the platform level but at the force
level. In this respect individual platforms will become secondary to
the command and control infrastructure that will act as a super
weapon/sensor system. Resource will shift from building the faster
bullet to the more powerful algorithm.

3.9.2 From Simple Cybernetic to Multi-Agent Control

The growth of military command and control information networks will
transform our idea of control. Traditionally, our military
organizations have a rigid and hierarchical structure of decision making
processes. The span of control should be congruent the scope and
importance of the problem at hand problems. This also increases the
confusion between what is tactical and strategic. A soldier in a
foxhole is preoccupied with winning his battle, not the whole war, as
there are too many elements outside his control but a decision at his
level will in a way affect the course of the war. Was it a tactical
situation or a strategic situation?

Our control exemplar is still based on the single decision maker
cybernetic model of control faced with the problem of how to optimize a
single goal under constraints of limited resources and time. This model
served as a template for weapon systems design and has been adopted for
most planning processes but it is of limited value when faced with the
reality of several decision makers meshed in together through the use of
command and control information system. The problem of predetermining
the appropriate level of control to the right level becomes very
difficult. If decision makers try to optimize the outcome at their
level the result is a global sub-optimization. They win the battles but
lose the war. This is the situation we face now. Because of the
structure of military organization plays against the natural diffusion
of control that comes from being a participant in a network. Network
require different control structures than hierarchies.

One approach to this problem to try to enhance all the decision
makers understanding of all the constraints faced by the group. If all
the decision makers share the same common understanding of the
battlefield they can in return adjust each their actions to maximize the
outcome of all the decision take together. This approach is made
possible through the use of information systems operating not a command
and control systems but as cooperating, communicating, and coordinating
system.

What emerges is a new mutation in the evolution of information
systems. Computer Mediated cooperation systems that support the
distribution and diffusion of control. This dissemination is function
on how the decision makers concurrently and cooperatively build the
context in which they will take decision. Each brings to the overall
representation a fragment of information that can be used by others to
better understand the overall context of their own actions and
objectives. In Sum they are building a better global understanding of
what is happening, see a better representation of what needs to be done
and can they take decisions in concert with others to optimize all their
resources for the problem at hand.

The essence of operational control would not be based on the focused
understanding of single decision maker, but in a shared and common
representation of the battleground in which each agent decides his own
course of action based on his understanding of the total global picture.
Much as a beehive behaves as a single entity even though it is composed
of a multitude of independent actors. Coordination and synchronization
mechanisms are not inherent to a hierarchical structure but from a peer
to peer dialogue and mediation process based on consciousness and
awareness mechanisms. This more complex model of control 6 however,
will never replace at all levels the traditional military hierarchical
structure. But it will certainly displace some levels of command
because it is a more flexible scheme that permits a faster adaptation of
the organization to prevailing changes in the environment.

3.10 Visualization and Semiotics

Command and Control Information Systems continue to evolve. They
will progress from being strictly closed military structures to open and
interconnected true socio-technical structures. With a large number of
participants in the network. Some of the participants have differing
goals as well as in some cases different cultural background. This
bring up the discussion of interpretation. and the requirement for the
development of systems which fit different cognitive styles and have
different presentation mechanisms. The use of military symbols is a
case and point. For example, military tactical symbols and icons have
unique importance in command and control systems. In many respects they
have a unique grammar. They have a well defined set of formal rules for
syntax, semantics, and pragmatics (reaction to a symbol that indicates
an unknown). These military symbols will play a critical role in any
future shared virtual environments. Until the system can represent,
with a high degree of accuracy, the object itself, symbols will act as
the main representation method. Symbols permit the rapid understanding
of complex data and information, which range from physical attributes to
final intentions. There are specific military symbols for almost all
air, surface and subsurface objects. They can represent, foes,
unknowns, jokers, prowlers etc. Military symbols associate by a single
icon both the object and its intention. It is these representations
that are the basis for all operational military situation assessment and
decision making. In fact the present set of symbols are used as the
basis for developing shared representation. Interoperability between
military organizations is expressly based on the exchange of these
symbol sets. However, semiotics analysis shows that the present
military symbol set proposes only a limited and closed representation of
a situation. In situations that do not require strict military action
then these representation do not help in understanding what is
happening.

Specifically, the present symbol set deals with only one phase of
the conflict spectrum, the battle management phase. This is the last
phase of an Information Warfare operation. It represents a defined
problem area in that specific configurations of objects and events
compose logical propositions that speak to, and about battle only. In
future military Command and Control Information Systems, the present
unique symbol sets, with their underlying phenomenology, create a frame
of reference that both explains and predetermines a specific pragmatic
response to these objects and events. This is the original intention of
such a representation. These representations are very powerful and
effective. But as military organizations are called upon more often to
participate and act in earlier phases of conflict such as aid to civil
defense, emergency response, humanitarian aid etc, as well as in
Information Warfare activities then the present symbol set becomes a
serious hindrance in both the understanding of the problem and the
cooperative search for innovative solutions. A semiotically richer
information environment is needed.

3.11 Officer Training and Education

The present capability of the Canadian Forces to select and prepare
officers to operate under the constraint of the changing state of
information technology falls short of the present and future needs of
the Canadian Forces. The present selection and development process in
the area of information systems is strictly a "reproduction" of passed
officers experiences in strategic and tactical communications. It does
not take into consideration the fundamental changes that have happened
at the technical level as well as how information technology is changing
the "Command and Control" field of study as well as their resulting
concomitant impact on the CF structure and organization.

It is clear that in general the technical "revolution" and the new
concepts of"Consultation, Command and Control" (C3) have not been
integrated into the preparation of officers that will be responsible for
these systems. The theoretical conceptual frameworks are absent in the
areas of cognitive engineering, knowlegege engineering, and modern
information system developement practices and methods. Only certain
aspects of new information management techniques have been incorporated.
Preparation for the problem of managing and fostering technical and
scientific innovation is not part of the present curriculum.

Furthermore, and more seriously none of the aspects of how command
and control information systems creates both order and disorder, and how
it can be used to control uncertainty and instability are introduced any
where in the educational process of an officer. These critical areas
are not being presented or discussed. In fact the whole area of the
impact of information systems on national security is not even
mentioned. An awarness and an understanding of these issues and
principles are fundamental in preparing individual that have the mandate
to develop, field and operate information systems that will enable world
wide action, national and international cooperation, and help in the
management of incertitude as well as force and violence in support of
conflict resolution.